This is the final installment of a 4-part series on service function chaining.
In previous installments, I described what service functions and service function chains are, and why you should be concerned about them. The extremely brief summary is that service functions are deployed by network operators to monitor, track, filter, or modify the information you send across the Internet. They are, broadly speaking, requested by neither you nor the person or site you’re trying to communicate with, and again, broadly speaking, not for your benefit. Service function chaining is a technology currently being developed and standardized to help operators deploy many service functions easily.
I want to spend most of this post talking about what can be done to combat threats to our privacy and our freedom posed by service function chaining. However, before I do, I think it is worth clarifying how I think about the ethics surrounding these technologies.
Is service function chaining as a technology morally neutral?
It was pointed out, in a comment on an earlier post, that the specific objectionable behaviors I described in this series can generally be attributed to specific service functions, rather than the more general technology of service function chaining. The argument is essentially, “yes, I concede that carriers are using some service functions to do bad things, but that doesn’t mean service function chaining is bad. Some service functions are not bad and service function chaining is just technology that makes it easier to deploy them.”
Of course, there are some service functions that perform useful purposes in pursuit of the public good. Take firewalls as an example. They’ve been deployed for years as a security function, and good security is generally a public good. But, as I have said, they’ve been deployed for years. Service function chaining is not any kind of key enabling technology for firewalls. The same goes for other security-related service functions like intrusion detection.
Thinking of service function chaining as morally neutral because it doesn’t intrinsically do harm ignores the context. Being against the harmful service functions I’ve outlined but for service function chaining is like being against carpet bombing but for B-29s.
We’ve seen a proliferation of harmful service functions in recent years, and any intelligent analysis of the use cases and requirements promulgated in the Internet Engineering Task Force for service function chaining leads to the conclusion that network operators plan to deploy them in ways that threaten privacy and civil liberties.
What can be done?
It’s my hope that technologists reading this will be convinced that service function chaining is a bad idea. Still, few of us have complete liberty to just walk away from developing this technology. We have our families or career ambitions to consider. Some of us will continue because we don’t recognize freedom of speech or the press as being more important than national unity and stability. And there are powerful, moneyed interests pushing for this technology. Individually, even if we refuse, other engineers will step up. If the CTO and CEO of our company decide not to develop products in this category, we can be assured that other companies will. But I still wish that our industry’s best and brightest would find something more worthwhile to spend their time on.
So, my conclusion is that the development and deployment of this technology is all but inevitable. Might we ask our governments to safeguard our privacy and civil liberties by outlawing the worst excesses? In the United States, anyway, this is nominally one of the main roles of governments. The network operators have powerful lobbying groups, but the recent reclassification of Internet service under Title II of the Communications Act, expressly against the wishes of the most powerful network operators, gives me some hope the FCC is still able to act in the public interest. I personally do not have a good feel for whether opposition to the tracking of online activity for ads will ever solidify into a movement strong enough to force change. Many technology companies besides network operators are building ever more sophisticated and invasive systems.
Furthermore, in many parts of the world it is the governments themselves that are developing and deploying service functions for the purpose of censorship and rooting out political dissidents. The people in these places obviously cannot ask governments for help in this matter.
End users and companies providing services over the top of networks do have a powerful tool to safeguard privacy and ensure no tampering of data has occurred: encryption. There is no technical reason why we can’t encrypt the entire World Wide Web. The overhead of encryption, relative to the computation required to deliver a typical service over the Internet, has plummeted as server chips increase in speed and increasingly have purpose-built circuits for such encryption. Several efforts like HTTPS Everywhere and Let’s Encrypt are actively promoting this.
Encrypting application traffic doesn’t solve all the problems introduced by service functions designed to filter or track. Network operators can still determine the site a user is visiting and block it even when encryption is used. For individuals who want better privacy or access to censored content, it may be possible to use a Virtual Private Network. This prevents your Internet service provider from seeing what sites you visit, and they cannot block specific sites. They may, however, block the Virtual Private Network connection entirely, so this may not be a viable option for citizens of repressive governments. Lastly, with a Virtual Private Network, traffic is decrypted by the company that provides it. One typically chooses a provider that promises not to snoop on or mess with your data, and is located in a country with strong laws against such abuses, but there are no absolute guarantees.
It is my hope that in the United States, increased use of encryption will destroy the economics of tracking for advertisements. Google and Facebook have driven the margins of this kind of business incredibly low, so if a large enough portion of the Web is encrypted by default, network operators won’t get enough useful data to justify the expense of deploying service function chains of this type.
I’m also hopeful that in the arms race that pits anti-censorship technologies like Virtual Private Networks and Tor against censorship technologies like service function chaining, anti-censorship will win and make it no longer feasible to operate The Great Firewall of China with anything near its current effectiveness. This one is more just a technologist’s dream than any kind of inevitability, but it does influence me personally when I consider my role in the technology industry. I hope others reading this feel and act the same way.